We also do something similar to pacman when verifying git tag signatures: https://gitweb.torproject.org/builders/rbm.git/commit/?id=e04f03f9626e993bb6...
Cool!
However, for the cases where we don't use a tag (in nightly builds), it sounds like push certificates could be useful to check that the commit we are using was intended for the branch we use. Is it something that we can do with push certificates?
Yes, definitely! I can sketch something out to stir discussion. Would that be desirable? :)
Cheers! -Santiago
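As an added illustration of the check asked about above (not code from this thread, rbm, or git itself): a `git push --signed` push certificate lists every ref update in the push, so a pre-receive hook, or a later audit of the stored certificate, can confirm that a given commit was actually pushed to the expected branch by a key you trust. The parser below assumes the certificate layout git documents (header lines, a blank line, `old new ref` lines, then a detached PGP signature) and the `GIT_PUSH_CERT_STATUS` / `GIT_PUSH_CERT_NONCE_STATUS` variables git exports to hooks; the sample certificate, its OIDs, and the signature placeholder are constructed, and the signature itself is assumed to have been verified by git before the hook runs.

```python
"""Check a git push certificate: did commit X land on branch Y under a trusted signature?"""
import re
from dataclasses import dataclass
from typing import Tuple

SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
OID_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample certificate (fake OIDs, fake signature); layout follows git's format.
SAMPLE_CERT = """certificate version 0.1
pusher Example Pusher <pusher@example.invalid> 1425010421 -0800
pushee https://example.invalid/builders/rbm.git
nonce 1425010421-deadbeefdeadbeefdeadbeefdeadbeefdeadbeef

0000000000000000000000000000000000000000 1111111111111111111111111111111111111111 refs/heads/nightly
2222222222222222222222222222222222222222 3333333333333333333333333333333333333333 refs/heads/master
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""


@dataclass(frozen=True)
class RefUpdate:
    old: str   # OID before the push (all zeros for a newly created ref)
    new: str   # OID the ref points at after the push
    ref: str   # full ref name, e.g. refs/heads/nightly


@dataclass(frozen=True)
class PushCert:
    version: str
    pusher: str
    pushee: str
    nonce: str
    updates: Tuple[RefUpdate, ...]
    signature: str


def parse_push_cert(text: str) -> PushCert:
    """Split a push certificate into headers, ref updates and the signature block."""
    body, found, sig_rest = text.partition(SIG_BEGIN)
    if not found:
        raise ValueError("certificate carries no PGP signature block")
    headers, found, updates_blob = body.partition("\n\n")
    if not found:
        raise ValueError("certificate has no blank line between headers and updates")
    fields = {}
    for line in headers.splitlines():
        key, _, value = line.partition(" ")
        fields[key] = value
    updates = []
    for line in updates_blob.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3 or not (OID_RE.match(parts[0]) and OID_RE.match(parts[1])):
            raise ValueError(f"malformed ref update line: {line!r}")
        updates.append(RefUpdate(*parts))
    return PushCert(
        version=fields["certificate"].split()[-1],   # "version 0.1" -> "0.1"
        pusher=fields["pusher"],
        pushee=fields["pushee"],
        nonce=fields["nonce"],
        updates=tuple(updates),
        signature=SIG_BEGIN + sig_rest,
    )


def landed_on(cert: PushCert, commit: str, branch: str) -> bool:
    """True if this push moved `branch` to exactly `commit`."""
    return any(u.new == commit and u.ref == branch for u in cert.updates)


def signature_trusted(env: dict) -> bool:
    """Interpret the hook environment git sets after verifying the certificate:
    GIT_PUSH_CERT_STATUS 'G' = good signature from a known key, and the
    nonce must be the one we issued ('OK'), not stale or missing."""
    return env.get("GIT_PUSH_CERT_STATUS") == "G" and env.get("GIT_PUSH_CERT_NONCE_STATUS") == "OK"


def check_commit_for_branch(cert_text: str, env: dict, commit: str, branch: str) -> Tuple[bool, str]:
    """Combine both checks; returns (ok, reason) so a hook can log why it rejected."""
    if not signature_trusted(env):
        return False, "push certificate signature or nonce not trusted"
    cert = parse_push_cert(cert_text)
    if not landed_on(cert, commit, branch):
        return False, f"{commit[:12]} was not pushed to {branch} in this certificate"
    return True, "ok"


if __name__ == "__main__":
    hook_env = {"GIT_PUSH_CERT_STATUS": "G", "GIT_PUSH_CERT_NONCE_STATUS": "OK"}  # constructed
    print(check_commit_for_branch(SAMPLE_CERT, hook_env, "1" * 40, "refs/heads/nightly"))
    print(check_commit_for_branch(SAMPLE_CERT, hook_env, "1" * 40, "refs/heads/master"))
```

In a real deployment the certificate text comes from the blob named by `GIT_PUSH_CERT` in the pre-receive hook (or from wherever the hook archived it), and the status variables come from git's own gpg verification; this code deliberately does not re-implement signature checking, only the branch-membership question raised above.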